NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2000-08

Subject: Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook
From: Ben Greenbaum (bgreenbaumSECURITYFOCUS.COM)
Date: Thu Aug 10 2000 - 19:04:51 CDT

Next message: Eric Monti: "Re: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password vulnerability (fwd)"
Previous message: der Mouse: "Re: reporting local security problems for WinNT (Re: Escalation of privileges)"
Maybe in reply to: Georgi Guninski: "MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook"
Next in thread: David LeBlanc: "Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook"
Maybe reply: Ben Greenbaum: "Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook"
Reply: David LeBlanc: "Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"This may be exploited also by visiting a web page with IE or
opening/previewing HTML email message with Outlook."

While this sentence is accurate, it is misleading as this vulnerability
can be exploited via any delivery mechanism at all, including Netscape
Navigator, Netscape Messenger, ftp etc. As long as the file is delivered
and opened in a vulnerable version of Word/Access, it works.

Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com

Next message: Eric Monti: "Re: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password vulnerability (fwd)"
Previous message: der Mouse: "Re: reporting local security problems for WinNT (Re: Escalation of privileges)"
Maybe in reply to: Georgi Guninski: "MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook"
Next in thread: David LeBlanc: "Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook"
Maybe reply: Ben Greenbaum: "Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook"
Reply: David LeBlanc: "Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]